DataSetu Auth API documentation - /auth/v1/audit/tokens


Audit access tokens
-------------------

Endpoint:

	https://auth.datasetu.org/auth/v1/audit/tokens

Description:

	This API allows a "data consumer" or a "data provider" to audit their
	tokens.

Called by:

	A "data provider" or a "data consumer" with a valid class-3 or above certificate.

Methods:

	POST

Body in JSON format:

	{
		"hours" : <number of hours for which the audit-report has to be generated>	// required
	}

HTTP response code:

	200
		If audit report has been successfully fetched.

	403
		If the certificate class is < 3

Using pyIUDX SDK:

	from pyIUDX.auth import auth

	iudx_auth = auth.Auth("certificate.pem","private-key.pem")

	iudx_auth.audit_tokens(5) # audit report for last 5 hours

CURL example:

	Request:

		curl -XPOST https://auth.datasetu.org/auth/v1/audit/tokens

			--cert certificate.key --key private-key.key

			-d '{"hours": 5}'

	Response:

	200 OK
	content-type : "application/json"

	{
	   "as-consumer" : [
	    {
		"token-issued-at"		: "2019-08-08T03:29:50.779Z",
		"expiry"			: "2019-08-08T04:29:50.779Z",

		"introspected"			: true,
		"revoked"			: false,
		"expired"			: false,

		"certificate-serial-number"	: "5badd8f2b7d2c8cb0413883c7d023624543e6802",
		"certificate-fingerprint"	: "8b:dd:a4:ab:24:88:21:6a:51:2f:13:49:00:26:1f:cb:dc:86:df:70",

		"request": [
		   {
			"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1.com/resource-1",

			"methods" : [
				"GET"
			],

			"apis" : [
				"/latest"
			],

			"body": {
				"key": "value"
			}
		   }
		]
	    },
	    ...
	  ],

	  "as-provider"	: [
	    {
		"consumer"			: "user@domain.com",
		"token-hash"			: "8be0e684cdf5f9f802704f580d7d39a11f6acec4b157afa1d20afd7497595105",

		"token-issued-at"		: "2019-08-08T03:29:50.779Z",
		"expiry"			: "2019-08-08T04:29:50.779Z",

		"introspected"			: true,
		"revoked"			: false,
		"expired"			: false,

		"certificate-serial-number"	: "5badd8f2b7d2c8cb0413883c7d023624543e6802",
		"certificate-fingerprint"	: "8b:dd:a4:ab:24:88:21:6a:51:2f:13:49:00:26:1f:cb:dc:86:df:70",

		"request": [
		    {
			"id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1.com/resource-1",

			"methods": [
				"GET"
			],

			"apis" : [
				"/latest"
			],

			"body": {
				"key": "value"
			}
		    }
		]
	    },
	    ...
	  ]
	}

	Where:
		1. "certificate-fingerprint" is the sha1 fingerprint of the consumer certificate.

		2. "token-hash" is the sha256 hash of the token.
See also:

	token API:
		http://auth.datasetu.org/token.html

	token introspect API:
		http://auth.datasetu.org/token-introspect.html

	token revoke API:
		http://auth.datasetu.org/token-revoke.html